SAP Enterprise Application Software

stack.watch can email you when security vulnerabilities are reported in any SAP product. You can add multiple products that you use with SAP to create your own personal software stack watcher.

Products by SAP Sorted by Most Security Vulnerabilities since 2018

SAP Businessobjects Business Intelligence Platform39 vulnerabilities

SAP 3d Visual Enterprise Viewer23 vulnerabilities

SAP Internet Graphics Server23 vulnerabilities

SAP Businessobjects Business Intelligence19 vulnerabilities

SAP Netweaver19 vulnerabilities

SAP Netweaver Application Server Java18 vulnerabilities

SAP Solution Manager18 vulnerabilities

SAP Disclosure Management15 vulnerabilities

SAP Netweaver As Abap14 vulnerabilities

SAP Adaptive Server Enterprise11 vulnerabilities

SAP Netweaver Process Integration11 vulnerabilities

SAP Commerce Cloud11 vulnerabilities

SAP Enable Now8 vulnerabilities

SAP Hana Extend Application Services8 vulnerabilities

SAP Netweaver As Abap Business Server Pages7 vulnerabilities

SAP Hana7 vulnerabilities

SAP Business One6 vulnerabilities

SAP Businessobjects6 vulnerabilities

SAP Hana Extended Application Services6 vulnerabilities

SAP Landscape Management6 vulnerabilities

SAP Advanced Business Application Programming Platform Kernel5 vulnerabilities

Sap Kernel5 vulnerabilities

SAP Netweaver Knowledge Management5 vulnerabilities

SAP S4hana5 vulnerabilities

SAP Fiori Client5 vulnerabilities

SAP Advanced Business Application Programming Platform Krnl64nuc4 vulnerabilities

SAP Advanced Business Application Programming Platform Krnl64uc4 vulnerabilities

SAP Business Application Software Integrated Solution4 vulnerabilities

SAP Business Warehouse4 vulnerabilities

SAP Businessobjects Bi Platform4 vulnerabilities

SAP Erp4 vulnerabilities

SAP Identity Management4 vulnerabilities

Sapscore4 vulnerabilities

SAP Abap Platform3 vulnerabilities

SAP Advanced Business Application Programming Platform Krnl32nuc3 vulnerabilities

SAP Advanced Business Application Programming Platform Krnl32uc3 vulnerabilities

SAP Business Client3 vulnerabilities

SAP Bw4hana3 vulnerabilities

SAP Treasury Risk Management S4core3 vulnerabilities

SAP Crystal Reports3 vulnerabilities

SAP Customer Relationship Management Webclient Ui3 vulnerabilities

SAP S4fnd3 vulnerabilities

SAP Hana Database3 vulnerabilities

SAP Host Agent3 vulnerabilities

SAP Hybris3 vulnerabilities

SAP Ui3 vulnerabilities

SAP S4 Hana2 vulnerabilities

SAP Netweaver Enterprise Portal2 vulnerabilities

SAP Ui52 vulnerabilities

SAP Banking Services2 vulnerabilities

Banking Services From Sap2 vulnerabilities

SAP Basis2 vulnerabilities

SAP S4hana Financial Products Subledger2 vulnerabilities

SAP Businessobjects Mobile2 vulnerabilities

SAP Cloud Connector2 vulnerabilities

SAP Commerce Cloud Accelerator Payment Mock2 vulnerabilities

SAP Supplier Relationship Management Mdm Catalog2 vulnerabilities

SAP E Commerce2 vulnerabilities

SAP Ea Finserv2 vulnerabilities

SAP Enterprise Extension Financial Services2 vulnerabilities

SAP Enterprise Financial Services2 vulnerabilities

SAP Process Integration2 vulnerabilities

SAP Financial Consolidation2 vulnerabilities

SAP Fiori Launchpad2 vulnerabilities

SAP Fiori Launchpad News Tile Application2 vulnerabilities

SAP Gateway2 vulnerabilities

SAP Work Manager2 vulnerabilities

SAP Mobile Platform2 vulnerabilities

SAP Mobile Secure2 vulnerabilities

SAP Adaptive Server Enterprise Backup Server1 vulnerability

SAP Adaptive Server Enterprise Cockpit1 vulnerability

SAP Advanced Business Application Programming Platform1 vulnerability

SAP Advanced Business Application Programming Server1 vulnerability

SAP Bi Launchpad1 vulnerability

SAP Business One Client1 vulnerability

SAP Business One On Hana1 vulnerability

SAP Cloud Platform Integration1 vulnerability

SAP Crystal Reports Server1 vulnerability

SAP Crystal Reports Visual Studio1 vulnerability

SAP Customer Relationship Management S4crm1 vulnerability

SAP Data Services1 vulnerability

SAP Diagnostics Agent1 vulnerability

SAP Diagnostics Agents1 vulnerability

SAP Dynamic Authorization Management1 vulnerability

SAP Dynamic Tier1 vulnerability

SAP Enterprise Threat Detection1 vulnerability

SAP Erp Client For E Bilanz1 vulnerability

SAP Erp Financials Information System1 vulnerability

SAP Focused Run1 vulnerability

SAP Internet Transaction Server1 vulnerability

SAP Introscope Enterprise Manager1 vulnerability

SAP Inventory Manager1 vulnerability

SAP J2ee Engine Server Core1 vulnerability

SAP Leasing1 vulnerability

SAP Manufacturing Integration Intelligence1 vulnerability

Marketing Sapscore1 vulnerability

SAP Master Data Governance S4core1 vulnerability

SAP Master Data Governance S4fnd1 vulnerability

Master Data Governance Sap Bs Fnd1 vulnerability

SAP Maxdb1 vulnerability

@sap Tweets

SAP and @Microsoft are collaborating for customer success. See how the two companies are helping accelerate the tr… https://t.co/fJogbc2uRf
Sat Jan 23 16:03:07 +0000 2021

SAP CEO @ChrstnKlein welcomes @Microsoft CEO Satya Nadella to #RISEwithSAP! Discover a simpler, modern path to th… https://t.co/uvj3ntYr9o
Fri Jan 22 21:10:00 +0000 2021

RT @thsaueressig: Our strong partnership continues: I’m excited for @SAP and @Microsoft to accelerate innovation for our customers together…
Fri Jan 22 17:09:15 +0000 2021

By the Year

In 2021 there have been 22 vulnerabilities in SAP with an average score of 8.1 out of ten. Last year SAP had 166 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in SAP in 2021 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2021 is greater by 1.47.

Year	Vulnerabilities	Average Score
2021	22	8.12
2020	166	6.65
2019	123	6.67
2018	126	6.93

It may take a day or so for new SAP vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest SAP Security Vulnerabilities

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21450 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21450 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21451 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21451 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21452 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21452 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21453 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21453 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21454 8.8 - High - January 12, 2021

CVE-2021-21454 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21455 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21455 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21456 8.8 - High - January 12, 2021

CVE-2021-21456 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21457 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21457 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21458 8.8 - High - January 12, 2021

CVE-2021-21458 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21459 8.8 - High - January 12, 2021

CVE-2021-21459 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21460 8.8 - High - January 12, 2021

CVE-2021-21460 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21461 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21461 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21462 8.8 - High - January 12, 2021

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2021-21462 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21463 8.8 - High - January 12, 2021

CVE-2021-21463 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Read

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21464 4.3 - Medium - January 12, 2021

CVE-2021-21464 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2021-21449 8.8 - High - January 12, 2021

CVE-2021-21449 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200

CVE-2021-21466 8.8 - High - January 12, 2021

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

CVE-2021-21466 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

SAP Banking Services (Generic Market Data) 400

CVE-2021-21467 4.3 - Medium - January 12, 2021

SAP Banking Services (Generic Market Data) 400, 450, and 500 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

CVE-2021-21467 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

AuthZ

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database

CVE-2021-21465 9.9 - Critical - January 12, 2021

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.

CVE-2021-21465 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges

CVE-2021-21468 6.5 - Medium - January 12, 2021

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

CVE-2021-21468 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

AuthZ

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011

CVE-2021-21445 5.4 - Medium - January 12, 2021

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.

CVE-2021-21445 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755

CVE-2021-21446 7.5 - High - January 12, 2021

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.

CVE-2021-21446 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which

CVE-2020-26835 6.1 - Medium - December 09, 2020

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

CVE-2020-26835 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Solution Manager 7.2 (User Experience Monitoring)

CVE-2020-26830 8.1 - High - December 09, 2020

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script.

CVE-2020-26830 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

AuthZ

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script

CVE-2020-26837 9.1 - Critical - December 09, 2020

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.

CVE-2020-26837 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Directory traversal

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200

CVE-2020-26838 9.1 - Critical - December 09, 2020

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

CVE-2020-26838 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Shell injection

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50

CVE-2020-26826 6.5 - Medium - December 09, 2020

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.

CVE-2020-26826 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Unrestricted File Upload

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges

CVE-2020-26831 9.6 - Critical - December 09, 2020

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).

CVE-2020-26831 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check

CVE-2020-26829 10 - Critical - December 09, 2020

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.

CVE-2020-26829 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

authentification

SAP Solution Manager (Trace Analysis), version - 720

CVE-2020-26836 6.1 - Medium - December 09, 2020

SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.

CVE-2020-26836 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Open Redirect

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105

CVE-2020-26832 7.6 - High - December 09, 2020

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

CVE-2020-26832 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a high impact on availability.

AuthZ

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material

CVE-2020-26816 4.5 - Medium - December 09, 2020

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.

Missing Encryption of Sensitive Data

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type

CVE-2020-26828 6.4 - Medium - December 09, 2020

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet

CVE-2020-26828 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Unrestricted File Upload

SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication

CVE-2020-26834 5.4 - Medium - December 09, 2020

SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.

CVE-2020-26834 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

authentification

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information

CVE-2020-6317 3.5 - Low - November 30, 2020

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

Information Leak

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755

CVE-2020-26825 6.1 - Medium - November 13, 2020

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.

CVE-2020-26825 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2020-26817 7.8 - High - November 10, 2020

SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2020-26817 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which

CVE-2020-26807 3.3 - Low - November 10, 2020

SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.

CVE-2020-26807 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Incorrect Default Permissions

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection

CVE-2020-26808 7.2 - High - November 10, 2020

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.

CVE-2020-26808 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

SAP Solution Manager (JAVA stack), version - 7.20

CVE-2020-26821 10 - Critical - November 10, 2020

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.

CVE-2020-26821 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

AuthZ

SAP Solution Manager (JAVA stack), version - 7.20

CVE-2020-26822 10 - Critical - November 10, 2020

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.

CVE-2020-26822 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

AuthZ

SAP Solution Manager (JAVA stack), version - 7.20

CVE-2020-26823 10 - Critical - November 10, 2020

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.

CVE-2020-26823 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

AuthZ

SAP Solution Manager (JAVA stack), version - 7.20

CVE-2020-26824 10 - Critical - November 10, 2020

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.

CVE-2020-26824 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

AuthZ

SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0

CVE-2020-26814 4.9 - Medium - November 10, 2020

SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure.

CVE-2020-26814 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755

CVE-2020-26815 8.6 - High - November 10, 2020

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.

CVE-2020-26815 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

XSPA

SAP Commerce Cloud, versions- 1808,1811,1905,2005

CVE-2020-26809 5.3 - Medium - November 10, 2020

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.

CVE-2020-26809 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Incorrect Default Permissions

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005

CVE-2020-26811 5.3 - Medium - November 10, 2020

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

CVE-2020-26811 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

XSPA

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005

CVE-2020-26810 7.5 - High - November 10, 2020

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity.

CVE-2020-26810 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

SAP ERP and SAP S/4 HANA

CVE-2020-6316 4.3 - Medium - November 10, 2020

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

CVE-2020-6316 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

AuthZ

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50

CVE-2020-26820 7.2 - High - November 10, 2020

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it.

CVE-2020-26820 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Unrestricted File Upload

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components

CVE-2020-26819 8.8 - High - November 10, 2020

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

CVE-2020-26819 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

authentification

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information

CVE-2020-26818 8.8 - High - November 10, 2020

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.

CVE-2020-26818 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Information Leak

SAP 3D Visual Enterprise Viewer, version 9

CVE-2020-6315 5.5 - Medium - October 20, 2020

SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure.

CVE-2020-6315 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430

CVE-2020-6308 5.3 - Medium - October 20, 2020

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

CVE-2020-6308 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

XSPA

There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework

CVE-2020-6367 6.1 - Medium - October 20, 2020

There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.

CVE-2020-6367 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP NetWeaver Design Time Repository (DTR)

CVE-2020-6370 4.8 - Medium - October 20, 2020

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVE-2020-6370 is exploitable with network access, requires user interaction and user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7)

CVE-2020-6369 5.9 - Medium - October 20, 2020

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.

CVE-2020-6369 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents

CVE-2020-6366 6.5 - Medium - October 20, 2020

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.

CVE-2020-6366 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.

Improper Input Validation

SAP Banking Services version 500, use an incorrect authorization object in some of its reports

CVE-2020-6362 6.5 - Medium - October 20, 2020

SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component.

CVE-2020-6362 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

AuthZ

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page

CVE-2020-6365 6.1 - Medium - October 15, 2020

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.

CVE-2020-6365 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Open Redirect

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2020-6372 7.8 - High - October 15, 2020

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2020-6372 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2020-6373 7.8 - High - October 15, 2020

CVE-2020-6373 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2020-6374 7.8 - High - October 15, 2020

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2020-6374 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Read

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2020-6375 5.5 - Medium - October 15, 2020

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2020-6375 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation

SAP 3D Visual Enterprise Viewer, version - 9

CVE-2020-6376 5.5 - Medium - October 15, 2020

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVE-2020-6376 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Input Validation

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS

CVE-2020-6323 6.1 - Medium - October 15, 2020

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

CVE-2020-6323 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker

CVE-2020-6368 5.4 - Medium - October 15, 2020

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.

CVE-2020-6368 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user

CVE-2020-6363 4.6 - Medium - October 15, 2020

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration.

CVE-2020-6363 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Insufficient Session Expiration

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which

CVE-2020-6272 5.4 - Medium - October 15, 2020

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability.

CVE-2020-6272 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50

CVE-2020-6319 6.1 - Medium - October 15, 2020

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.

CVE-2020-6319 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way

CVE-2020-6364 10 - Critical - October 15, 2020

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.

CVE-2020-6364 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Shell injection

User enumeration vulnerability

CVE-2020-6371 4.3 - Medium - October 15, 2020

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

CVE-2020-6371 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Information Leak

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755

CVE-2020-6324 6.1 - Medium - September 09, 2020

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting.

CVE-2020-6324 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50

CVE-2020-6326 5.4 - Medium - September 09, 2020

SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting.

CVE-2020-6326 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence

CVE-2020-6283 6.1 - Medium - September 09, 2020

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session.

CVE-2020-6283 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content

CVE-2020-6313 6.5 - Medium - September 09, 2020

SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.

CVE-2020-6313 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Output Sanitization

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface)

CVE-2020-6288 5.3 - Medium - September 09, 2020

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed.

CVE-2020-6288 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Unrestricted File Upload

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account

CVE-2020-6312 5.4 - Medium - September 09, 2020

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized.

CVE-2020-6312 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750

CVE-2020-6310 4.3 - Medium - August 12, 2020

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

CVE-2020-6310 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Information Leak

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50

CVE-2020-6284 9 - Critical - August 12, 2020

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content could result in complete compromise of system confidentiality, integrity and availability, leading to Stored Cross Site Scripting.

CVE-2020-6284 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

XSS

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50

CVE-2020-6293 6.5 - Medium - August 12, 2020

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access control lists and other upload file size restrictions, leading to Unrestricted File Upload.

CVE-2020-6293 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Unrestricted File Upload

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0

CVE-2020-6295 7.8 - High - August 12, 2020

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure.

CVE-2020-6295 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Information Leak

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3

CVE-2020-6300 4.8 - Medium - August 12, 2020

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.

CVE-2020-6300 is exploitable with network access, requires user interaction and user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755

CVE-2020-6299 4.3 - Medium - August 12, 2020

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.

CVE-2020-6299 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Information Leak

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code

CVE-2020-6296 8.8 - High - August 12, 2020

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

CVE-2020-6296 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750

CVE-2020-6280 2.7 - Low - July 14, 2020

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

CVE-2020-6280 is exploitable with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Information Leak

SAP Business Objects Business Intelligence Platform (bipodata)

CVE-2020-6276 6.1 - Medium - July 14, 2020

SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.

CVE-2020-6276 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Business Objects Business Intelligence Platform (BI Launchpad)

CVE-2020-6281 6.1 - Medium - July 14, 2020

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting.

CVE-2020-6281 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which

CVE-2020-6287 10 - Critical - July 14, 2020

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

CVE-2020-6287 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

authentification

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

CVE-2020-6282 5.8 - Medium - July 14, 2020

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.

CVE-2020-6282 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

XSPA

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50

CVE-2020-6286 5.3 - Medium - July 14, 2020

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

CVE-2020-6286 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Directory traversal

Some sensitive cookies in SAP Disclosure Management

CVE-2020-6267 5.4 - Medium - July 14, 2020

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.

CVE-2020-6267 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Incorrect Permission Assignment for Critical Resource

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions

CVE-2020-6285 6.5 - Medium - July 14, 2020

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVE-2020-6285 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2

CVE-2020-6278 5.4 - Medium - July 14, 2020

SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting

CVE-2020-6278 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery

CVE-2020-6289 8.8 - High - July 14, 2020

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.

CVE-2020-6289 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

352

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore

CVE-2020-6291 8.8 - High - July 14, 2020

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration

CVE-2020-6291 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Insufficient Session Expiration

SAP Disclosure Management

CVE-2020-6290 6.3 - Medium - July 14, 2020

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.

CVE-2020-6290 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

384

Logout mechanism in SAP Disclosure Management

CVE-2020-6292 8.8 - High - July 14, 2020

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.

CVE-2020-6292 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Insufficient Session Expiration

SAP Solution Manager (Trace Analysis), version 7.20

CVE-2020-6261 5.3 - Medium - July 01, 2020

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.

CVE-2020-6261 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Downstream Injection

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data

CVE-2020-6260 5.3 - Medium - June 10, 2020

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.

CVE-2020-6260 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

XML Injection (aka Blind XPath Injection)